TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
164
host connecting to the services offered on a host server. This can lead to unauthorized access and possibly escalated
privileges to that of the administrator through L3retriever HTTP Probe.
Signature ID: 1234
Linksys router default username and password login attempt Vulnerability
Threat Level: Warning
Nessus: 10999
Signature Description: LinkSys router is the general design is similar across all models. Therefore, the setup is similar
across all models. Some applications do not perform stringent checks when validating the credentials of a client host
connecting to the services offered on a host server. This can lead to unauthorized access and possibly escalated
privileges to that of the administrator in Linksys router.
Signature ID: 1235
Lotus Domino Delete Document attempt Vulnerability
Threat Level: Information
Signature Description: Lotus Domino is an IBM server product that provides test, deploy, and manage distributed,
enterprise-grade e-mail, collaboration capabilities, custom application platform, database, application. server,
administration, Web server. This rule detects when an attacker attempts to delete documents from a Lotus Domino
server.
Signature ID: 1236
Lotus Domino Server Directory Traversal Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0009 Bugtraq: 2173 Nessus: 12248,11344
Signature Description: Lotus Domino is an IBM server product that provides enterprise-grade e-mail, collaboration
capabilities, and custom application platform. Lotus Domino 5.0.6, Lotus Domino 5.0.5, Lotus Domino 5.0.3 and Lotus
Domino 5.0.2 are vulnerable to directory traversal on the web server. A remote attacker can send an invalid request,
that request URL containing .nsf, .box, or .ns4 with "dot dot" sequences (/../) to read sensitive files on the Web server.
In order to exploit this vulnerability, the server must be installed under the root directory. This vulnerability does not
work with Internet Explorer because it removes the .nsf from the URL.
Signature ID: 1237
Lotus Domino Edit Document attempt Vulnerability
Threat Level: Information
Signature Description: Lotus Domino is an IBM server product that provides test, deploy, and manage distributed,
enterprise-grade e-mail, collaboration capabilities, custom application platform, database, application. server,
administration, Web server. This rule detects when an attacker attempts to edit documents on a Lotus Domino server.
Signature ID: 1238
Macromedia Sitespring Default Error Page Cross Site Scripting Vulnerability
Threat Level: Warning
Industry ID: CVE-2002-1027
Bugtraq: 5249
Signature Description: Macromedia SiteSpring is a J2EE compliant website production management solution. The
Macromedia SiteSpring server runs on Microsoft Windows operating systems. By using this good way to manage Web
site development. As a well-structured product, it provides task management, discussion groups, versioning and a client
Web site all in one package.<br>Macromedia Sitespring 1.2 .0 is vulnerable version, these verions contains a cross site
scripting issue. A user could send a request, when an HTTP 500 error is returned, the user supplied data is included in
the generated HTML. This data is not properly sanitized, and it is possible to include arbitrary HTML, include
JavaScript.